我遵循此指南:
https://spring.io/guides/tutorials/spring-boot-oauth2/
我构建了自己的应用程序,该应用程序使用MitreID connect和Oauth2进行Google身份验证。
我在Google和MitreID上都存在退出问题,但让我们关注Google方面。如何注销?
您可以从Github查看/下载代码: 1)客户
https://github.com/Mazzotta13/ClientApplicationForOauth2AndMitre.git
2)AuthenticationServer
https://github.com/Mazzotta13/MitreIDAndOAuth2.git
实际上我不知道了。我尝试了很多类似的事情: 在客户端中使用注销成功成功链接到授权服务器。 客户:
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.antMatcher("/**").authorizeRequests().antMatchers("/webjars/**","/test").permitAll()
.anyRequest().authenticated()
.and()
.logout()
// .addLogoutHandler(new MyLogoutHandler())
.logoutSuccessUrl("http://localhost:8081/exit");
// @formatter:on
}
控制器身份验证服务器:
@RequestMapping("/exit")
public void exit(HttpServletRequest request, HttpServletResponse response) {
// token can be revoked here if needed
new SecurityContextLogoutHandler().logout(request, null, null);
try {
//sending back to client app
response.sendRedirect(request.getHeader("referer"));
} catch (IOException e) {
e.printStackTrace();
}
}
问题可能是我不知道如何删除的xhr令牌。
编辑1。
为了删除令牌,我在客户端控制器上尝试了此操作
@RequestMapping("/logout")
public String logout(HttpServletRequest request, HttpServletResponse response) throws ServletException, URISyntaxException {
SecurityContextHolder.getContext().setAuthentication(null);
request.logout();
SecurityContextHolder.clearContext();
HttpSession session = request.getSession(false);
if (session != null) {
session.invalidate();
}
CookieClearingLogoutHandler cookieClearingLogoutHandler = new CookieClearingLogoutHandler(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
SecurityContextLogoutHandler securityContextLogoutHandler = new SecurityContextLogoutHandler();
cookieClearingLogoutHandler.logout(request, response, null);
securityContextLogoutHandler.logout(request, response, null);
SecurityContextHolder.getContext().setAuthentication(null);
return "You have been logout";
谢谢。